Add keystone v3 EC2 credential tests and client
The v2 version of the /users/{}/credentials/OS-EC2 API was already
present, for completeness this patch adds the v3 equivalent.
This API is not documented because it is preferred to use the
/v3/credentials API for this functionality.
Change-Id: Ide90658fa07a3d5a7ba2e52c3ab7377170273b76
diff --git a/releasenotes/notes/add-keystone-v3-ec2-tests-d959b7d36f0bd7fc.yaml b/releasenotes/notes/add-keystone-v3-ec2-tests-d959b7d36f0bd7fc.yaml
new file mode 100644
index 0000000..ab8d748
--- /dev/null
+++ b/releasenotes/notes/add-keystone-v3-ec2-tests-d959b7d36f0bd7fc.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Added missing clients and tests for keystone's v3 EC2 API which already
+ existed for keystone v2.
diff --git a/tempest/api/identity/v3/test_ec2_credentials.py b/tempest/api/identity/v3/test_ec2_credentials.py
new file mode 100644
index 0000000..a2cbc4a
--- /dev/null
+++ b/tempest/api/identity/v3/test_ec2_credentials.py
@@ -0,0 +1,113 @@
+# Copyright 2020 SUSE LLC
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.identity import base
+from tempest.common import utils
+from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
+
+
+class EC2CredentialsTest(base.BaseIdentityV3Test):
+
+ @classmethod
+ def skip_checks(cls):
+ super(EC2CredentialsTest, cls).skip_checks()
+ if not utils.is_extension_enabled('OS-EC2', 'identity'):
+ msg = "OS-EC2 identity extension not enabled."
+ raise cls.skipException(msg)
+
+ @classmethod
+ def resource_setup(cls):
+ super(EC2CredentialsTest, cls).resource_setup()
+ cls.creds = cls.os_primary.credentials
+
+ @decorators.idempotent_id('b0f55a29-54e5-4166-999d-712347e0c920')
+ def test_create_ec2_credential(self):
+ """Create user ec2 credential."""
+ resp = self.non_admin_users_client.create_user_ec2_credential(
+ self.creds.user_id,
+ tenant_id=self.creds.tenant_id)["credential"]
+ access = resp['access']
+ self.addCleanup(
+ self.non_admin_users_client.delete_user_ec2_credential,
+ self.creds.user_id, access)
+ self.assertNotEmpty(resp['access'])
+ self.assertNotEmpty(resp['secret'])
+ self.assertEqual(self.creds.user_id, resp['user_id'])
+ self.assertEqual(self.creds.tenant_id, resp['tenant_id'])
+
+ @decorators.idempotent_id('897813f0-160c-4fdc-aabc-24ee635ce4a9')
+ def test_list_ec2_credentials(self):
+ """Get the list of user ec2 credentials."""
+ created_creds = []
+ # create first ec2 credentials
+ creds1 = self.non_admin_users_client.create_user_ec2_credential(
+ self.creds.user_id,
+ tenant_id=self.creds.tenant_id)["credential"]
+ created_creds.append(creds1['access'])
+ self.addCleanup(
+ self.non_admin_users_client.delete_user_ec2_credential,
+ self.creds.user_id, creds1['access'])
+
+ # create second ec2 credentials
+ creds2 = self.non_admin_users_client.create_user_ec2_credential(
+ self.creds.user_id,
+ tenant_id=self.creds.tenant_id)["credential"]
+ created_creds.append(creds2['access'])
+ self.addCleanup(
+ self.non_admin_users_client.delete_user_ec2_credential,
+ self.creds.user_id, creds2['access'])
+
+ # get the list of user ec2 credentials
+ resp = self.non_admin_users_client.list_user_ec2_credentials(
+ self.creds.user_id)["credentials"]
+ fetched_creds = [cred['access'] for cred in resp]
+ # created credentials should be in a fetched list
+ missing = [cred for cred in created_creds
+ if cred not in fetched_creds]
+ self.assertEmpty(missing,
+ "Failed to find ec2_credentials %s in fetched list" %
+ ', '.join(cred for cred in missing))
+
+ @decorators.idempotent_id('8b8d1010-5958-48df-a6cd-5e3df72e6bcf')
+ def test_show_ec2_credential(self):
+ """Get the definite user ec2 credential."""
+ resp = self.non_admin_users_client.create_user_ec2_credential(
+ self.creds.user_id,
+ tenant_id=self.creds.tenant_id)["credential"]
+ self.addCleanup(
+ self.non_admin_users_client.delete_user_ec2_credential,
+ self.creds.user_id, resp['access'])
+
+ ec2_creds = self.non_admin_users_client.show_user_ec2_credential(
+ self.creds.user_id, resp['access']
+ )["credential"]
+ for key in ['access', 'secret', 'user_id', 'tenant_id']:
+ self.assertEqual(ec2_creds[key], resp[key])
+
+ @decorators.idempotent_id('9408d61b-8be0-4a8d-9b85-14f61edb456b')
+ def test_delete_ec2_credential(self):
+ """Delete user ec2 credential."""
+ resp = self.non_admin_users_client.create_user_ec2_credential(
+ self.creds.user_id,
+ tenant_id=self.creds.tenant_id)["credential"]
+ access = resp['access']
+ self.non_admin_users_client.delete_user_ec2_credential(
+ self.creds.user_id, access)
+ self.assertRaises(
+ lib_exc.NotFound,
+ self.non_admin_users_client.show_user_ec2_credential,
+ self.creds.user_id,
+ access)
diff --git a/tempest/lib/services/identity/v3/users_client.py b/tempest/lib/services/identity/v3/users_client.py
index f47730f..bba02a4 100644
--- a/tempest/lib/services/identity/v3/users_client.py
+++ b/tempest/lib/services/identity/v3/users_client.py
@@ -118,3 +118,30 @@
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
+
+ def create_user_ec2_credential(self, user_id, **kwargs):
+ post_body = json.dumps(kwargs)
+ resp, body = self.post('/users/%s/credentials/OS-EC2' % user_id,
+ post_body)
+ self.expected_success(201, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
+
+ def delete_user_ec2_credential(self, user_id, access):
+ resp, body = self.delete('/users/%s/credentials/OS-EC2/%s' %
+ (user_id, access))
+ self.expected_success(204, resp.status)
+ return rest_client.ResponseBody(resp, body)
+
+ def list_user_ec2_credentials(self, user_id):
+ resp, body = self.get('/users/%s/credentials/OS-EC2' % user_id)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
+
+ def show_user_ec2_credential(self, user_id, access):
+ resp, body = self.get('/users/%s/credentials/OS-EC2/%s' %
+ (user_id, access))
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
diff --git a/tempest/tests/lib/services/identity/v3/test_users_client.py b/tempest/tests/lib/services/identity/v3/test_users_client.py
index c0dfdae..7be0480 100644
--- a/tempest/tests/lib/services/identity/v3/test_users_client.py
+++ b/tempest/tests/lib/services/identity/v3/test_users_client.py
@@ -141,6 +141,35 @@
]
}
+ FAKE_USER_EC2_CREDENTIAL_INFO = {
+ "credential": {
+ 'user_id': '9beb0e12f3e5416db8d7cccfc785db3b',
+ 'access': '79abf59acc77492a86170cbe2f1feafa',
+ 'secret': 'c4e7d3a691fd4563873d381a40320f46',
+ 'trust_id': None,
+ 'tenant_id': '596557269d7b4dd78631a602eb9f151d'
+ }
+ }
+
+ FAKE_LIST_USER_EC2_CREDENTIALS = {
+ "credentials": [
+ {
+ 'user_id': '9beb0e12f3e5416db8d7cccfc785db3b',
+ 'access': '79abf59acc77492a86170cbe2f1feafa',
+ 'secret': 'c4e7d3a691fd4563873d381a40320f46',
+ 'trust_id': None,
+ 'tenant_id': '596557269d7b4dd78631a602eb9f151d'
+ },
+ {
+ 'user_id': '3beb0e12f3e5416db8d7cccfc785de4r',
+ 'access': '45abf59acc77492a86170cbe2f1fesde',
+ 'secret': 'g4e7d3a691fd4563873d381a40320e45',
+ 'trust_id': None,
+ 'tenant_id': '123557269d7b4dd78631a602eb9f112f'
+ }
+ ]
+ }
+
def setUp(self):
super(TestUsersClient, self).setUp()
fake_auth = fake_auth_provider.FakeAuthProvider()
@@ -201,6 +230,33 @@
user_id='817fb3c23fd7465ba6d7fe1b1320121d',
)
+ def _test_create_user_ec2_credential(self, bytes_body=False):
+ self.check_service_client_function(
+ self.client.create_user_ec2_credential,
+ 'tempest.lib.common.rest_client.RestClient.post',
+ self.FAKE_USER_EC2_CREDENTIAL_INFO,
+ bytes_body,
+ status=201,
+ user_id="1",
+ tenant_id="123")
+
+ def _test_show_user_ec2_credential(self, bytes_body=False):
+ self.check_service_client_function(
+ self.client.show_user_ec2_credential,
+ 'tempest.lib.common.rest_client.RestClient.get',
+ self.FAKE_USER_EC2_CREDENTIAL_INFO,
+ bytes_body,
+ user_id="1",
+ access="123")
+
+ def _test_list_user_ec2_credentials(self, bytes_body=False):
+ self.check_service_client_function(
+ self.client.list_user_ec2_credentials,
+ 'tempest.lib.common.rest_client.RestClient.get',
+ self.FAKE_LIST_USER_EC2_CREDENTIALS,
+ bytes_body,
+ user_id="1")
+
def test_create_user_with_string_body(self):
self._test_create_user()
@@ -255,3 +311,30 @@
user_id='817fb3c23fd7465ba6d7fe1b1320121d',
password='NewTempestPassword',
original_password='OldTempestPassword')
+
+ def test_create_user_ec2_credential_with_str_body(self):
+ self._test_create_user_ec2_credential()
+
+ def test_create_user_ec2_credential_with_bytes_body(self):
+ self._test_create_user_ec2_credential(bytes_body=True)
+
+ def test_show_user_ec2_credential_with_str_body(self):
+ self._test_show_user_ec2_credential()
+
+ def test_show_user_ec2_credential_with_bytes_body(self):
+ self._test_show_user_ec2_credential(bytes_body=True)
+
+ def test_list_user_ec2_credentials_with_str_body(self):
+ self._test_list_user_ec2_credentials()
+
+ def test_list_user_ec2_credentials_with_bytes_body(self):
+ self._test_list_user_ec2_credentials(bytes_body=True)
+
+ def test_delete_user_ec2_credential(self):
+ self.check_service_client_function(
+ self.client.delete_user_ec2_credential,
+ 'tempest.lib.common.rest_client.RestClient.delete',
+ {},
+ user_id="123",
+ access="1234",
+ status=204)